Topic: Re: Wallet.dat fragmented from OS reinstallation on HDD
Board: Development & Technical Discussion
by Hristiyan99 on 04/03/2025, 15:04:09 UTC
These are the open source tools I mentioned. I've never used them, but according to information, they should be able to search using regex:

https://www.autopsy.com/
https://www.sleuthkit.org/


Quote
When you mention the open source tool, do you refer to pywallet?

I will download X-ways today and try to source files this way.

I have downloaded Bitcoin Core and have created a wallet, which generated a wallet.dat file. Today I will manually recreate the following procedure:

1. Copy the Bitcoin data folder to external HDD drive
2. Quick Fragment the drive
3. Run X-ways and try searching for the file with the guidance given from you above with X-ways

[Note] I have done this while creating a Known file type, but I was not able to recover the file from the drive (it was an external USB drive). I guess I didn't write the XML (Known file type) correctly.

Is there any way I can send you the file I have created and see if it is correct?

Also, if you have further advice I would highly appreciate it!

1. X-Ways is not freeware, and it's quite pricey.
2. To verify the header of a newly generated wallet.dat file, you really only need to look at the file in a hex viewer; skip all the other steps.
3. I'll be happy to guide you if you get X-Ways up and running.

The XML file you refer to is an R-Studio file (known file type). I wouldn't be able to know if it was right, as I do not use that software. However, you can give it a shot and send the one you created, but I will need another XML file that works, to have as a base reference.

Since you're using R-Studio, maybe try to search for other deleted files you know should be there; it could be an image or a document.


Hi,

I have used ChatGPT to compare the features of R-Studio and X-Ways Forensics. I see now why X-Ways is way more advanced, but I don't think I would be able to use most of the features that the software provides.

The only feature which I would need from X-Ways would essentially be the regex features, because I wouldn't be able to perform advanced forensic search on a corrupted file, trying to restore it.

Given this, I would try the Autopsy open source software. In case I find the file and it is corrupted, would you be able to guide me in fixing the corrupted file or whatsoever? I am unaware and unacknowledged about how to proceed, so I would go with the basic tools to begin with.

Probably I will use R-Studio to make a disk image and perform an advanced scan, and I will try to create a known file type to search. If it doesn't work, I will perform an Autopsy regex. Is Autopsy regex the same as known file type data search?

I will have access to the HDD on Friday, so I hope I can find you here again, Saturday at the latest?

I am looking forward to your answer.
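
The header check and signature search discussed in this thread, as an added example that is not part of the original posts or of any tool named in them: a sector-aligned scan of a raw disk image for the two header signatures a Bitcoin Core wallet file can start with (Berkeley DB btree magic at offset 12 for legacy wallets, the SQLite header for descriptor wallets). The 512-byte alignment, the function names and the sample image are assumptions made for the example.

```python
import io

SECTOR = 512  # assumption: file starts land on 512-byte sector boundaries

# Berkeley DB metadata page: 4-byte magic at offset 12 (btree = 0x00053162).
# Both byte orders are checked because BDB writes the value in host order.
BDB_MAGIC_OFFSET = 12
BDB_BTREE_MAGICS = (b"\x62\x31\x05\x00", b"\x00\x05\x31\x62")
# Newer Bitcoin Core descriptor wallets are SQLite files instead.
SQLITE_MAGIC = b"SQLite format 3\x00"


def classify_sector(sector: bytes):
    """Return a label if this sector looks like the first page of a wallet DB."""
    if sector[BDB_MAGIC_OFFSET:BDB_MAGIC_OFFSET + 4] in BDB_BTREE_MAGICS:
        return "berkeleydb-btree"
    if sector.startswith(SQLITE_MAGIC):
        return "sqlite3"
    return None


def scan_image(stream, chunk_sectors=2048):
    """Yield (byte_offset, label) for every sector-aligned header candidate."""
    offset = 0
    while True:
        chunk = stream.read(SECTOR * chunk_sectors)
        if not chunk:
            break
        for i in range(0, len(chunk), SECTOR):
            label = classify_sector(chunk[i:i + SECTOR])
            if label:
                yield offset + i, label
        offset += len(chunk)


def build_sample_image():
    """Constructed 8-sector image with two planted headers (not real wallet data)."""
    img = bytearray(SECTOR * 8)
    img[2 * SECTOR + 12:2 * SECTOR + 16] = BDB_BTREE_MAGICS[0]
    img[5 * SECTOR:5 * SECTOR + 16] = SQLITE_MAGIC
    img[3 * SECTOR + 100:3 * SECTOR + 104] = BDB_BTREE_MAGICS[0]  # unaligned: ignored
    return bytes(img)


if __name__ == "__main__":
    for off, label in scan_image(io.BytesIO(build_sample_image())):
        print(f"candidate {label} header at byte offset {off} (sector {off // SECTOR})")
```

Every hit is only a candidate: any Berkeley DB btree or SQLite database on the disk matches, and for a fragmented file the hit marks just the first fragment, so run it against a read-only image rather than the original drive.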